Experts from both stc and Nokia joined forces and authored a paper in an attempt to raise security awareness in the industry, provide an overview of 5G security implications, and demystify some of the common topics around the subject
Saudi Arabia is leading in the adoption of 5G technology with coverage planned for almost the entire Kingdom, paving the way to becoming one of the world’s leading Digital Economies.
“stc’s 5G deployments were carefully designed with security at the core, with the goal of enabling Saudi national digital transformation via secure infrastructure, without which, no digital economy can survive in today’s cyber reality. We believe that enriching the industry with what we have learned is vital to the Cybersecurity knowledge library,” explained Eng. Yasser N. Alswailem, vice president of Cybersecurity at stc.
“Active cooperation between involved stakeholders is vital at national, regional, and international levels to implement resilient and secure digital infrastructure. Our collaboration with stc on this important topic gave us the opportunity to share together our respective views about 5G security implications regarding the assets that need to be protected, the threats and risks that we need to protect against, and most importantly, the most common mitigation steps to minimise those risks,” said Khalid Hussain, country senior officer and stc business group head at Nokia.
Ensuring security for 5G demands a fundamentally different approach. The 5G networks are complex, combining both physical and virtual infrastructure. Further, tighter integration of telecom and IT infrastructure, services, and operations in a 5G network demands a holistic look at 5G security than ever before.
Many traditional network elements of 4G are replaced in 5G by Virtual Network Functions (VNFs) and cloud architectures. 5G delivers the whole network as a Service (NaaS), which is enabled by service-oriented architecture, VNFs, cloud core, and dynamic network orchestration/slicing. 5G network elements, therefore, need to be protected against security incidents at both physical and logical layers.
“It is extremely important to be mindful of the cybersecurity risks and to take all appropriate steps to minimise such risks relying on standardised security features and additional solutions available on the market,” said eng. Eng. Yasser N. Alswailem of stc.
More broadly and depending on the overall network architecture, a combination of three different mitigation scenarios and frameworks are required.
The first is 3GPP-specified security architecture which includes an access-agnostic authentication framework and enhanced subscription privacy and user plane protection, among other features.
In the second category of network security not specified by 3GPP, it is imperative to adopt a holistic, automated security management and orchestration approach.
Lastly, robust implementation of the virtualisation layer and the overall cloud platform software, among other measures, will help in enhancing the security of the 5G network.
Operators and vendors of the mobile networks industry defined the Security Assurance Methodology (SECAM) in 3GPP standards organisation. On this basis, NESAS was developed within the GSMA. NESAS is the most suitably global security assurance scheme, and adopting it brings benefits for operators through the reduced effort for tender with security by default and measurable security.
“Globally or at least regionally accepted certification schemes are preferred. This will promote innovation and reduce overhead. The GSMA NESAS (Network Equipment Security Assurance Scheme) is a promising scheme that has the potential to become one such global certification scheme using 3GPP standards,” said Brahim Ghribi, head of government and policy affairs for the MEA region at Nokia.
Network paradigms are shifting, and the 5G network heterogeneous architecture will comprise of multiple access and infrastructure (physical and virtual) technologies that will require special attention from a cybersecurity perspective.
